Abstract
A pseudo-random number generator is a deterministic algorithm that expands a short, uniformly random seed into a longer sequence of numbers whose distribution is computationally indistinguishable from uniform. A formal security model for pseudo-random number generators with input was proposed in 2005 by Barak and Halevi. In this model the generator keeps an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function derives the output numbers from that internal state. We briefly discuss the Barak-Halevi model and the extension proposed in 2013 by Dodis, Pointcheval, Ruhault, Wichs and Vergnaud, which adds a security property capturing how a pseudo-random number generator should accumulate the entropy of its input data into the internal state. This property, called robustness, states that a pseudo-random number generator with input should eventually recover from a compromise of its state even if entropy is injected into the system at a very slow pace; it expresses the behavior that existing designs are expected to exhibit in practice. We also outline some variants of this model that were proposed recently.
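The refresh/next structure and the slow-entropy recovery property described in the abstract, as an added example that is not code from the chapter: a toy SHA-256-based generator with input, and a simulation in which the attacker has learned the state and the input source delivers one bit of entropy per refresh call. The hash function, the 32-byte state, the constructed input source and the attacker's search budget are assumptions of this example, not part of the Barak-Halevi or Dodis et al. models themselves.

```python
"""Toy pseudo-random number generator with input, in the refresh/next syntax
of the Barak-Halevi and Dodis et al. models, with a simulation of the
recovery-from-compromise (robustness) property.

Added example, not code from the chapter. Assumptions: SHA-256 as the
cryptographic function, a 32-byte state, a constructed input source that
delivers exactly one bit of entropy per refresh call, and an attacker who
knows the compromised state and can test at most `budget` candidate states
per observed output.
"""
import hashlib
import random

STATE_BYTES = 32


def _h(tag, *parts):
    """Domain-separated, length-prefixed SHA-256 over the given byte strings."""
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def refresh(S, I):
    """refresh(S, I): absorb a (possibly biased) input I into the state S."""
    return _h(b"refresh", S, I)


def next_out(S):
    """next(S): return (S', R). The new state and the output are derived with
    different domain tags, so an output R does not reveal the new state S'."""
    return _h(b"state", S), _h(b"output", S)


def attacker_track(S_known, n_inputs, R, budget):
    """Given the last known state, try to re-derive the current state after
    n_inputs one-bit refresh calls by testing each of the 2**n_inputs input
    sequences against the observed output R. Returns the recovered new state,
    or None if the search exceeds the attacker's budget or nothing matches."""
    if 2 ** n_inputs > budget:
        return None
    for bits in range(2 ** n_inputs):
        S = S_known
        for i in range(n_inputs):
            S = refresh(S, bytes([(bits >> i) & 1]))
        S_new, R_cand = next_out(S)
        if R_cand == R:
            return S_new
    return None


def simulate(accumulate, total_inputs=24, budget=2 ** 10, seed=1234):
    """Run the generator from a compromised (all-zero, attacker-known) state.
    Inputs arrive one at a time; next() is called once every `accumulate`
    refresh calls. Returns True if the attacker still knows the state at the
    end (no recovery), False if it has lost track of it (recovery)."""
    source = random.Random(seed)          # constructed 1-bit-per-input source
    S = bytes(STATE_BYTES)                # compromised state, known to attacker
    attacker_S = S
    tracked = True
    pending = 0
    for _ in range(total_inputs):
        I = bytes([source.getrandbits(1)])
        S = refresh(S, I)
        pending += 1
        if pending >= accumulate:
            S, R = next_out(S)            # output R is observed by the attacker
            if tracked:
                guess = attacker_track(attacker_S, pending, R, budget)
                if guess == S:
                    attacker_S = guess
                else:
                    tracked = False
            pending = 0
    return tracked


if __name__ == "__main__":
    # Calling next() after every single low-entropy refresh lets the attacker
    # re-synchronise forever; gating output on 12 accumulated inputs pushes the
    # search past the budget and the generator recovers.
    print("next after every refresh, attacker still tracks:", simulate(accumulate=1))
    print("next after 12 refreshes, attacker still tracks:", simulate(accumulate=12))
```

The simulation makes the point the robustness property is meant to capture: if the generator emits output after every low-entropy refresh, an attacker who once learned the state re-derives it from each output with two hash evaluations and never loses it; if output is withheld until enough input has accumulated, the same search grows exponentially and the state becomes unknown again. Real designs gate output on an estimate of the accumulated entropy rather than on a fixed count, and the quality of that gating is exactly what the security model has to account for.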
Notes
1. Debian's OpenSSL packages from version 0.9.8c-1 up to, but not including, 0.9.8g-9 (CVE-2008-0166).
2. In a similar setting, Koshiba [Kos02] proved that the linear congruential generator can be used to generate randomness in the ElGamal encryption scheme (under a plausible assumption). Fouque, Tibouchi and Zapalowicz [FTZ13] analyzed the security of public-key schemes whose secret keys are built by concatenating outputs of a linear congruential generator. Benhamouda, Chevalier, Thillard and Vergnaud [BCTV16] gave attacks when the RSA prime factors are constructed in this way, and against the RSA encryption padding of PKCS #1 v1.5 when a linear congruential generator is used to produce the random padding values.
3. Gaži and Tessaro proposed a variant of the sponge-based construction of Bertoni, Daemen, Peeters and Van Assche [BDPV10] and proved that it is robust, in a variant of the security framework of Dodis et al., in the ideal permutation model.
References
Abdalla, M., Belaïd, S., Pointcheval, D., Ruhault, S., Vergnaud, D.: Robust pseudo-random number generators with input secure against side-channel attacks. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 635–654. Springer, Cham (2015). doi:10.1007/978-3-319-28166-7_31
Benhamouda, F., Chevalier, C., Thillard, A., Vergnaud, D.: Easing coppersmith methods using analytic combinatorics: applications to public-key cryptography with weak pseudorandomness. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 36–66. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49387-8_3
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge-based pseudo-random number generators. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 33–47. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15031-9_3
Bellare, M., Goldwasser, S., Micciancio, D.: “Pseudo-random” number generation within cryptographic algorithms: the DSS case. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 277–291. Springer, Heidelberg (1997). doi:10.1007/BFb0052242
Barak, B., Halevi, S.: A model and architecture for pseudo-random generation with applications to /dev/random. In: Atluri, V., Meadows, C., Juels, A. (eds.) ACM CCS 05: 12th Conference on Computer and Communications Security, Alexandria, Virginia, USA, pp. 203–212, 7–11 November 2005. ACM Press (2005)
Bleichenbacher, D.: On the generation of one-time keys in DL signature schemes. In: Presentation at IEEE P1363 Working Group meeting, November 2000
Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo random bits. In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, 3–5 November 1982, pp. 112–117. IEEE Computer Society Press (1982)
Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13(4), 850–864 (1984)
Barak, B., Shaltiel, R., Tromer, E.: True random number generators secure in a changing environment. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 166–180. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_14
Cornejo, M., Ruhault, S.: Characterization of real-life PRNGs under partial state corruption. In: Ahn, G.-J., Yung, M., Li, N. (eds.) ACM CCS 14: 21st Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 1004–1015. ACM Press (2014)
CVE-2008-0166. Common Vulnerabilities and Exposures (2008)
Desai, A., Hevia, A., Yin, Y.L.: A practice-oriented treatment of pseudorandom number generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 368–383. Springer, Heidelberg (2002). doi:10.1007/3-540-46035-7_24
Dodis, Y., Pointcheval, D., Ruhault, S., Vergnaud, D., Wichs, D.: Security analysis of pseudo-random number generators with input: /dev/random is not robust. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM CCS 13: 20th Conference on Computer and Communications Security, Berlin, Germany, 4–8 November 2013, pp. 647–658. ACM Press (2013)
Degabriele, J.P., Paterson, K.G., Schuldt, J.C.N., Woodage, J.: Backdoors in pseudorandom number generators: possibility and impossibility results. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 403–432. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53018-4_15
Dodis, Y., Shamir, A., Stephens-Davidowitz, N., Wichs, D.: How to eat your entropy and have it too – optimal recovery strategies for compromised RNGs. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 37–54. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44381-1_3
Eastlake, D., Schiller, J., Crocker, S.: RFC 4086: Randomness Requirements for Security. IETF, June 2005
Ferguson, N., Schneier, B.: Practical Cryptography. Wiley, New York (2003)
Fouque, P.-A., Tibouchi, M., Zapalowicz, J.-C.: Recovering private keys generated with weak PRNGs. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 158–172. Springer, Heidelberg (2013). doi:10.1007/978-3-642-45239-0_10
Gaži, P., Tessaro, S.: Provably robust sponge-based PRNGs and KDFs. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 87–116. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49890-3_4
Gutmann, P.: Software generation of practically strong random numbers. In: Proceedings of the 7th USENIX Security Symposium (1998). http://www.cypherpunks.to/peter/06_random.pdf
Goldberg, I., Wagner, D.: Randomness and the Netscape browser. Dr. Dobb’s J. 21(1), 66–70 (1996)
Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: Kohno, T. (ed.) Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, USA, 8–10 August 2012, pp. 205–220. USENIX Association (2012). https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger
Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
Howgrave-Graham, N., Smart, N.P.: Lattice attacks on digital signature schemes. Des. Codes Cryptogr. 23(3), 283–290 (2001)
Information technology - Security techniques - Random bit generation. ISO/IEC 18031:2011 (2011)
Kim, S.H., Han, D., Lee, D.H.: Predictability of Android OpenSSL’s pseudo random number generator. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM CCS 13: 20th Conference on Computer and Communications Security, Berlin, Germany, 4–8 November 2013, pp. 659–668. ACM Press (2013)
Killmann, W., Schindler, W.: A proposal for: Functionality classes for random number generators. AIS 20/AIS31 (2011)
Koshiba, T.: On sufficient randomness for secure public-key cryptosystems. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 34–47. Springer, Heidelberg (2002). doi:10.1007/3-540-45664-3_3
Kelsey, J., Schneier, B., Ferguson, N.: Yarrow-160: notes on the design and analysis of the Yarrow cryptographic pseudorandom number generator. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, vol. 1758, pp. 13–33. Springer, Heidelberg (2000). doi:10.1007/3-540-46513-8_2
Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Cryptanalytic attacks on pseudorandom number generators. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 168–188. Springer, Heidelberg (1998). doi:10.1007/3-540-69710-1_12
Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Public keys. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 626–642. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_37
Lacharme, P., Röck, A., Strubel, V., Videau, M.: The Linux pseudorandom number generator revisited. Cryptology ePrint Archive, Report 2012/251 (2012). http://eprint.iacr.org/2012/251
De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-Bit ECDSA. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 435–452. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40349-1_25
Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptol. 15(3), 151–176 (2002)
Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Cryptogr. 30(2), 201–217 (2003)
Ruhault, S.: Security analysis for pseudo-random numbers generators. (Analyse de Sécurité des Générateurs Pseudo-Aléatoires). Ph.D. thesis, École Normale Supérieure, Paris, France (2015). https://tel.archives-ouvertes.fr/tel-01236602
Ruhault, S.: SoK: security models for pseudo-random number generators. IACR Trans. Symmetric Cryptol. 2017(1), 506–544 (2017)
Shrimpton, T., Terashima, R.S.: A provable-security analysis of Intel’s Secure Key RNG. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 77–100. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_4
Yao, A.C.-C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, 3–5 November 1982, pp. 80–91. IEEE Computer Society Press (1982)
Acknowledgments
The author would like to thank his co-authors on this active and interesting research area: Michel Abdalla, Sonia Belaïd, Yevgeniy Dodis, David Pointcheval, Sylvain Ruhault and Daniel Wichs.
© 2017 Springer International Publishing AG
Cite this paper
Vergnaud, D. (2017). Security of Pseudo-Random Number Generators with Input. In: Farshim, P., Simion, E. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2017. Lecture Notes in Computer Science(), vol 10543. Springer, Cham. https://doi.org/10.1007/978-3-319-69284-5_4
DOI: https://doi.org/10.1007/978-3-319-69284-5_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69283-8
Online ISBN: 978-3-319-69284-5